kernel-image-2.6.8-amd64 (2.6.8-16sarge6) stable-security; urgency=high

  * Build against kernel-tree-2.6.8-16sarge6:
    * perfmon-fd-refcnt.dpatch
      [SECURITY][ia64] Fix file descriptor leak in perfmonctl
      system call which could be used as a local denial of service attack
      by depleting the system of file descriptors
      See CVE-2006-3741
    * ia64-sparc-cross-region-mappings.dpatch
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * __block_prepare_write-recovery.dpatch
      [SECURITY] Fix an information leak in __block_prepare_write()
      See CVE-2006-4813
    * atm-clip-freed-skb-deref.dpatch
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * ip6_flowlabel-lockup.dpatch
      [SECURITY] Fix local DoS attack vector (lockups, oopses) in the
      sequence handling for /proc/net/ip6_flowlabel
      See CVE-2006-5619
    * ppc-alignment-exception-table-check.dpatch
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * s390-uaccess-memleak.dpatch
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * smbfs-honor-mount-opts.dpatch
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled
      See CVE-2006-5871
    * bridge-get_fdb_entries-overflow.dpatch
      Protect against possible overflow in get_fdb_entries
      See CVE-2006-5751

 -- dann frazier <dannf@debian.org>  Tue,  5 Dec 2006 02:19:56 -0700

kernel-image-2.6.8-amd64 (2.6.8-16sarge5) stable-security; urgency=high

  * Build against kernel-tree-2.6.8-16sarge5:
    * [ERRATA] madvise_remove-restrict.dpatch
      [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.6.8 is not
      vulnerable to CVE-2006-1524, the madvise_remove issue.
      See CVE-2006-2071
    * fs-ext3-bad-nfs-handle.dpatch
      [SECURITY] James McKenzie discovered a Denial of Service vulnerability
      in the NFS driver. When exporting an ext3 file system over NFS, a remote
      attacker could exploit this to trigger a file system panic by sending
      a specially crafted UDP packet.
      See CVE-2006-3468
    * direct-io-write-mem-leak.dpatch
      [SECURITY] Fix memory leak in O_DIRECT write.
      See CVE-2004-2660
    * nfs-handle-long-symlinks.dpatch
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * cdrom-bad-cgc.buflen-assign.dpatch
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * usb-serial-ftdi_sio-dos.patch
      [SECURITY] fix userspace DoS in ftdi_sio driver
      See CVE-2006-2936
    * selinux-tracer-SID-fix.dpatch
      [SECURITY] Fix vulnerability in selinux_ptrace that prevents local
      users from changing the tracer SID to the SID of another process
      See CVE-2006-1052
    * netfilter-SO_ORIGINAL_DST-leak.dpatch
      [SECURITY] Fix information leak in SO_ORIGINAL_DST
      See CVE-2006-1343
    * sg-no-mmap-VM_IO.dpatch
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * exit-bogus-bugon.dpatch
      [SECURITY] Remove bogus BUG() in exit.c which could be maliciously
      triggered by a local user
      See CVE-2006-1855
    * readv-writev-missing-lsm-check.dpatch,
      readv-writev-missing-lsm-check-compat.dpatch
      [SECURITY] Add missing file_permission callback in readv/writev syscalls
      See CVE-2006-1856
    * snmp-nat-mem-corruption-fix.dpatch
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * kfree_skb-race.dpatch
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * hppa-mb-extraneous-semicolon.dpatch,
      sparc32-mb-extraneous-semicolons.dpatch,
      sparc64-mb-extraneous-semicolons.dpatch:
      Fix a syntax error caused by extraneous semicolons in smp_mb() macros
      which resulted in a build failure with kfree_skb-race.dpatch
    * sctp-priv-elevation.dpatch
      [SECURITY] Fix SCTP privilege escalation
      See CVE-2006-3745
    * sctp-priv-elevation-2.dpatch
      [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch
      See CVE-2006-4535
    * ppc-hid0-dos.dpatch
      [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093
    * udf-deadlock.dpatch
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145

 -- dann frazier <dannf@debian.org>  Mon,  4 Sep 2006 09:54:51 -0600

kernel-image-2.6.8-amd64 (2.6.8-16sarge4) stable-security; urgency=high

  * Build against kernel-tree-2.6.8-16sarge4:
    * proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
      [SECURITY] Fix local root vulnerability caused by a race in proc
      See CVE-2006-3626

 -- dann frazier <dannf@debian.org>  Sat, 15 Jul 2006 02:27:54 -0600

kernel-image-2.6.8-amd64 (2.6.8-16sarge3) stable-security; urgency=low

  * Build against kernel-tree-2.6.8-16sarge3:
    * net-protocol-mod-refcounts-pre.dpatch, net-protocol-mod-refcounts.dpatch
      [SECURITY] Fix potential DoS (panic) caused by inconsistent reference
      counting in network protocol modules.
      See CVE-2005-3359
    * netfilter-do_replace-overflow.dpatch
      [SECURITY] Fix buffer overflow in netfilter do_replace which could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * sys_mbind-sanity-checking.dpatch
      [SECURITY] Make sure maxnodes is a safe size before calculating nlongs in
      get_nodes() to prevent a local DoS vulnerability.
      See CVE-2006-0557
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * perfmon-exit-race.dpatch
      [SECURITY][ia64] Fix local denial of service vulnerability (oops) in
      the ia64 perfmon subsystem
      See CVE-2006-0558
    * ia64-die_if_kernel-returns.dpatch
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1863
    * binfmt-bad-elf-entry-address.dpatch
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741
    * em64t-uncanonical-return-addr.dpatch
      [SECURITY][amd64] Fix local DoS vulnerability on em64t systems that
      arises when returning program control using SYSRET
      See CVE-2006-0744
    * sctp-discard-unexpected-in-closed.dpatch
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * ipv4-id-no-increment.dpatch
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * usb-gadget-rndis-bufoverflow.dpatch
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
      allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * group_complete_signal-BUG_ON.dpatch
      [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
      See CVE-2006-1523
    * madvise_remove-restrict.dpatch
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * mcast-ip-route-null-deref.dpatch
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * sctp-fragment-recurse.dpatch
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * sctp-fragmented-receive-fix.dpatch
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * amd64-fp-reg-leak-dep[1-3].dpatch, amd64-fp-reg-leak.dpatch
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * do_add_counters-race.dpatch
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * s390-strnlen_user-return.dpatch
      [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
      returning a value that is too large
      See CVE-2006-0456
    * xfs-ftruncate-leak.dpatch
      [SECURITY] Fix leak in the ftruncate call in the XFS filesystem that may
      permit local users to view sensitive information
      See CVE-2006-0554
    * nfs-another-O_DIRECT-fix.dpatch
      [SECURITY] Fix a potential local DoS vulnerability in the NFS O_DIRECT
      code
      See CVE-2006-0555
    * sctp-hb-ack-overflow.dpatch
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * sctp-param-bound-checks.dpatch
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858

 -- dann frazier <dannf@debian.org>  Sat, 20 May 2006 13:40:20 -0500

kernel-image-2.6.8-amd64 (2.6.8-16sarge2) stable-security; urgency=high

  * Rebuild against kernel-tree-2.6.8-16sarge2
  * Increment ABI to -12

 -- dann frazier <dannf@debian.org>  Tue, 31 Jan 2006 23:56:55 -0700

kernel-image-2.6.8-amd64 (2.6.8-16sarge1) stable-security; urgency=high

  * Rebuild against kernel-source-2.6.8 version 2.6.8-16sarge1.

 -- Frederik Schüler <fschueler@gmx.net>  Thu, 18 Aug 2005 13:57:28 +0200

kernel-image-2.6.8-amd64 (2.6.8-15) unstable; urgency=high

  * Build-depend on kernel-image (>= 8.131) and update build script to 
    work with the changed cross-build process in make-kpkg.

 -- Frederik Schüler <fschueler@gmx.net>  Wed,  1 Jun 2005 01:00:55 +0200

kernel-image-2.6.8-amd64 (2.6.8-14) unstable; urgency=high

  * Rebuild with kernel-source-2.6.8 version 2.6.8-16.
  * Urgency: high because this upload fixes security updates and is aimed for
    sarge.

 -- Frederik Schüler <fschueler@gmx.net>  Mon, 30 May 2005 13:22:04 +0200

kernel-image-2.6.8-amd64 (2.6.8-13) unstable; urgency=low

  * Rebuild with kernel-source-2.6.8 version 2.6.8-15.
  * Disable SMP in the em64t-p4 config and activate additional drivers.
  * Bump the ABI version due to the em64t-p4 changes.

 -- Frederik Schüler <fschueler@gmx.net>  Sat, 26 Mar 2005 01:31:26 +0100

kernel-image-2.6.8-amd64 (2.6.8-12) unstable; urgency=low

  * Added versioned dependency on e2fsprogs (>= 1.35-7), needed for
    successful installation on 32bit userland systems. Closes: #295422
  * Updated kernel images descriptions.
  * Rebuild with kernel-source-2.6.8 version 2.6.8-14.

 -- Frederik Schüler <fschueler@gmx.net>  Tue, 15 Mar 2005 15:30:10 +0100

kernel-image-2.6.8-amd64 (2.6.8-11) unstable; urgency=high

  * Enable CONFIG_EFI_PARTITION (Christoph Hellwig)
  * Rebuild with kernel-source-2.6.8 version 2.6.8-13. (Frederik Schüler)
  * Urgency=high to get all security fixes into sarge ASAP. (Frederik Schüler)
  * Activated SCSI_QLOGIC_1280_1040. (Frederik Schüler)

 -- Frederik Schüler <fschueler@gmx.net>  Fri, 28 Jan 2005 15:15:43 +0100

kernel-image-2.6.8-amd64 (2.6.8-10) unstable; urgency=high

  * Rebuild with kernel-source-2.6.8 version 2.6.8-12.
  * Urgency=high to get all security fixes into sarge ASAP.

 -- Frederik Schüler <fschueler@gmx.net>  Sun,  9 Jan 2005 15:14:05 +0100

kernel-image-2.6.8-amd64 (2.6.8-9) unstable; urgency=high

  * Bumped SONAME.
  * Deactivated CONFIG_PCI_MSI, this will fix installation and operation on
    emachines laptops.
  * Rebuild with kernel-source-2.6.8 version 2.6.8-11.
  * Urgency: high because this release fixes some security issues.
  * set CONFIG_SECURITY_CAPABILITIES=y to work around security issue.

 -- Frederik Schüler <fschueler@gmx.net>  Thu, 30 Dec 2004 09:05:17 +0100

kernel-image-2.6.8-amd64 (2.6.8-8) unstable; urgency=low

  * Removed kernel-image-2.6-* and kernel-headers-2.6-* packages, they are
    now provided by the new kernel-latest-2.6-amd64 package.

 -- Frederik Schüler <fschueler@gmx.net>  Fri,  3 Dec 2004 19:18:15 +0100

kernel-image-2.6.8-amd64 (2.6.8-7) unstable; urgency=low

  * Rebuild with kernel-source 2.6.8-10.

 -- Frederik Schüler <fschueler@gmx.net>  Thu,  2 Dec 2004 11:54:24 +0100

kernel-image-2.6.8-amd64 (2.6.8-6) unstable; urgency=low

  * Frederik Schüler:
    - Rebuild with kernel-source 2.6.8-8.
    - Added amd64-linux-nm wrapper for cross-compilation on i386

 -- Frederik Schüler <fschueler@gmx.net>  Wed, 10 Nov 2004 16:37:18 +0100

kernel-image-2.6.8-amd64 (2.6.8-5) unstable; urgency=high

  * Frederik Schüler
    - Kind of resolve the kernel-headers-2.6.8 binary package issue on i386
      by using a high soname for the packages. Closes: #273672
    - Updated package descriptions.
    - Fixed most of the lintian warnings.
    - Build-depend on kernel-tree-2.6.8-7.

 -- Frederik Schüler <fschueler@gmx.net>  Sun,  3 Oct 2004 15:38:30 +0200

kernel-image-2.6.8-amd64 (2.6.8-4) unstable; urgency=high

  * Frederik Schüler
    - Urgency set to high because this has to go into sarge.
    - Replaced amd64-xeon flavour with em64t-p4 and em64t-p4-smp flavours.
      This hopefully will be the last name change of a kernel-image before
      Sarge releases.
    - Build-depend on gcc-3.4 on amd64.
    - Build-depend on kernel-tree-2.6.8-6.
    - Updated packages descriptions in control file.
    - Disabled CONFIG_USB_STORAGE_RW_DETECT to fix #268184 on amd64 too.

 -- Frederik Schüler <fschueler@gmx.net>  Mon, 20 Sep 2004 00:45:05 +0200

kernel-image-2.6.8-amd64 (2.6.8-3) unstable; urgency=high

  * Frederik Schüler:
    - Removed MTD drivers for all BIOS chips as requested in #257631
    - Activated Message Signaled Interrupts for all kernel flavours
    - Activated Initio INI-A100U2W SCSI module
    - Activated Dallas Semiconductor DS1621 and DS1625 sensors modules
    - Activated new Zoran ZR36057/36067 based video modules
    - Deactivated CONFIG_PREEMPT and CONFIG_IDE_TASKFILE_IO
    - Activated CONFIG_IDEDMA_ONLYDISK in the generic flavour to prevent
      installation problems
    - Rebuild with final 2.6.8-5 source package

 -- Frederik Schüler <fschueler@gmx.net>  Sun, 29 Aug 2004 21:46:38 +0200

kernel-image-2.6.8-amd64 (2.6.8-2) unstable; urgency=high

  * Frederik Schüler:
    - Set CONFIG_AGP=m CONFIG_AGP_INTEL_MCH=m for amd64-xeon flavour
    - Fixed typos in packages description: e64mt -> em64t
    - Added missing cross-compile wrapper scripts to allow building on i386.

  * Roberto Lumbreras:
    - Sponsoring the upload
    - Removed i386 from architecture list of kernel-headers-2.6.8-2, it is
      already provided by kernel-image-2.6.8-i386 and hacked debian/rules so
      make-kpkg does not complain

 -- Frederik Schüler <fschueler@gmx.net>  Tue, 24 Aug 2004 20:53:15 +0200

kernel-image-2.6.8-amd64 (2.6.8-1) unstable; urgency=low

  * New upstream version

 -- Frederik Schüler <fschueler@gmx.net>  Mon, 16 Aug 2004 17:05:57 +0200

kernel-image-2.6.7-amd64 (2.6.7-6) unstable; urgency=low

  * Goswin von Brederlow:
    - Add i386 to Architecture: in debian/control
    - Set KPKG_ARCH=amd64 on i386 for cross builds
    - Add Build-Depends for biarch gcc-3.4 on i386
    - Add bin/amd64-linux-* wrappers to use the right gcc and flags
    - Build-Depend on new enough dpkg-dev that knows amd64

  * Frederik Schüler:
    - Build-depend on kernel-tree-2.6.7-4
    - Kernel-headers-* has to depend on kernel-kbuild-2.6-3
    - Updated copyright
    - Rebuilt with new 2.6.7-4 kernel tree

 -- Frederik Schüler <fschueler@gmx.net>  Fri, 13 Aug 2004 17:43:53 +0200

kernel-image-2.6.7-amd64 (2.6.7-5) unstable; urgency=low

  * Frederik Schüler: 
    - renamed flavours:
      generic -> amd64-generic
      k8      -> amd64-k8
      k8-smp  -> amd64-k8-smp
      nocona  -> amd64-xeon
    - Changed maintainer field to Debian Kernel Team

 -- Frederik Schüler <fschueler@gmx.net>  Thu, 15 Jul 2004 00:16:19 +0200

kernel-image-2.6.7-amd64 (2.6.7-4) unstable; urgency=low

  * built against kernel-tree-2.6.7-3

 -- Frederik Schüler <fschueler@gmx.net>  Sun, 11 Jul 2004 20:05:37 +0200

kernel-image-2.6.7-amd64 (2.6.7-3) unstable; urgency=low

  * Synced with kernel-image-2.6.6-i386 files and scripts
  * Added a workaround to post-install and headers-install to
    realize $DEB_HOST_ARCH != x86_64
  * Added Intel nocona kernel support (no k8-numa and no iommu, but 
    hyperthreading and smp by default on -nocona kernel flavour)

 -- Frederik Schüler <fschueler@gmx.net>  Wed, 30 Jun 2004 00:37:27 +0200

kernel-image-2.6.7-amd64 (2.6.7-2) unstable; urgency=low

  * built against kernel-tree 2.6.7-2

 -- Frederik Schüler <fschueler@gmx.net>  Mon, 28 Jun 2004 19:50:37 +0200

kernel-image-2.6.7-amd64 (2.6.7-1) unstable; urgency=low

  * repackaged kernel 2.6.7.

 -- Frederik Schüler <fschueler@gmx.net>  Tue, 22 Jun 2004 17:25:43 +0200

kernel-image-2.6.6-amd64 (2.6.6-4) unstable; urgency=low

  * made usb and full hid static
  * removed preempt

 -- Frederik Schüler <fschueler@gmx.net>  Sat,  5 Jun 2004 22:53:06 +0200

kernel-image-2.6.6-amd64 (2.6.6-3) unstable; urgency=low

  * don't mount devfs by default on k8 and k8-smp 

 -- Frederik Schüler <fschueler@gmx.net>  Tue, 25 May 2004 16:10:05 +0200

kernel-image-2.6.6-amd64 (2.6.6-2) unstable; urgency=low

  * raised ramdisk size to 65536K

 -- Frederik Schüler <fschueler@gmx.net>  Mon, 24 May 2004 18:40:54 +0200

kernel-image-2.6.6-amd64 (2.6.6-1) unstable; urgency=low

  * repackaged kernel 2.6.6

 -- Frederik Schüler <fschueler@gmx.net>  Sat, 22 May 2004 01:13:48 +0200

kernel-image-2.6.5-amd64 (2.6.5-1) unstable; urgency=low

  * initial release

 -- Frederik Schüler <fschueler@gmx.net>  Tue,  6 Apr 2004 22:52:18 +0200
